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DETAILED ACTION 

1. Claims 1-3, 5-11, 13-14, 16, 18-21 have been examined. 



2. The Amendment, and remarks therein, received on 10/17/05 have been entered and 
carefully considered. 

3. The Amendment introduces a new limitation into the originally sole independent 
claims 1,10 and 16. 

4. The text of those sections of Title 35, U.S. Code not included in this action can be 
found in a prior office action. 

Response to Amendment 

5. Applicant's arguments have been carefully considered but they were not found 
persuasive. 

6. Applicant essentially argues a newly introduced limitation presented in claim 1,10 
and 16. Specifically applicant argues that the art of record does not teach replacing 
identification information for the computer device with information for the tunnel 
mechanism. 

7. The examiner points out that Birrell et al. teach a tunnel mechanism between a host 
(client) and a computer device (private resources), wherein the tunnel mechanism is 
in communication with the host and the computer device (Fig. 1). 

8. Specifically Birrell et al. teach that the proxy server 143 forwards the authenticated 
request 210 to the specified resource 160 inside the firewall 130 using the non- 
secure HTTP protocol. The resource 160 replies to the request with, for example 
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private data, in message 21 1. The proxy server 143 then forwards the data, using 
secure HTTPS protocol, in a message 212 (step 380) (col. 4 lines 52-57). 

9. Thus it is clear that as far as the external client is concern the response appears to 
originate from the tunnel mechanism (identified by URL: HTTPS:// ....) while actually 
the originating internal device's address (the external device can not access the 
internal device directly) is HTTP:// .... 

10. Also, Birrell etal. provides alternative addressing scheme between the external 
client, the tunnel and the internal device. In this embodiment, as applicant noted, 
the source information is encoded. However, the examiner points out that not only 
the original information is encoded but they are also replaced ("the entire original 
URL is encoded in the remainder of the redirected URL ", col. 5 lines 5-12) 

1 1 .Thus Birrell et al. provides two possible embodiments and both of them clearly show 
that as far as the external client is concern the party receiving and responding to the 
requests from an external client is the tunnel mechanism and that the computer 
device is hidden from the external client. 

12. Also, as discussed above, the tunnel communicates with the internal device using 
the non-secure protocol (URL starting: Http:) and replace the protocol to the secure 
while communicating with the external client (URL: Https:), which reads on the 
internal identification information for the internal device are replaced with the 
identification information for the tunnel mechanism prior to transmittal of the modified 
response to the external client device. 
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1 3. In regard to Bal et al. 's teaching the examiner points out that Bal et al. 's invention 
utilizes a network address translation (interpreted as a tunnel mechanism). The 
network address translation inherently changes information of the source with 
identification information of the network translation (changes external addresses to 
internal addresses and internal to external addresses, pg. 3 line 54-58 and col. 4 
lines 25-50). 

14. Claims 1-3, 5-11, 13-14, 16, 18-21 have been examined. 

Claim Rejections - 35 USC § 102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public 
use or on sale in this country, more than one year prior to the date of application for patent in the United 
States. 

15. Claims 1-3, 5-6, 10-11, 13-14, 16 and 18 remain rejected under 35 U.S.C. 102(b) as 
being anticipated by Birrell et al. (U.S. Patent No. 5805803). 

16. As per claims 10-11 and 14 Birrell etal. teach receiving with a tunnel mechanism an 
access request from the external client device to the internal network device, the 
tunnel mechanism being communicatively linked to an interface of the internal 
device, and on verifying that the external device is currently authenticated as an 
authorized user (Fig. 1 and col. 4 lines 47-54), modifying the access request to 
include an address of the interface of the internal device and on operating the tunnel 



Application/Control Number: 09/728,257 Page 5 

Art Unit: 2134 

mechanism to route the modified access request to the interface of the internal 
device and modifying the response with the tunnel mechanisms to-replace 
identification information for the internal device with identification information for the 
tunnel mechanism.prior to transmittal of the modified response to the external client 
device, wherein the identification information includes URL information for the 
internal device and response modifying includes replacing the internal device URL 
information with URL information for the tunnel mechanism, whereby the internal 
device is hidden from the external client device with the response appearing to 
originate from the tunnel mechanism (col. 4 line 65- coL 5 line 12). 

17. Claims 1-3, 5-6, 16, 18 are substantially equivalent to claims 10-11 and 14; therefore 
claims 1-3, 5-6, 16, 18 are similarly rejected. 

18. As per claim 13 Birrell et al. teach that the object 150 in Fig. 1 represents intranet, 
which comprises multiple web servers (col. 3 lines 17-18). 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 1 02 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

19. Claims 7, 19-21 remain rejected under 35 U.S.C. 103(a) as being unpatentable over 
Birrell et al. (U.S. Patent No. 5805803) in view of Dennis et al. (U.S. Patent No. 
5913922). 
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20. Birrell et al. teach a communication the response transmitted to the external device 
as discussed above. 

Birrell et al. do not explicitly teach examining the response for an error message, 
translating the error message, and including the error message in the response 
transmitted to the external client. 

21 . Dennis et al. teach examining the response for an error message, translating the 
error message, and including the error message in the response (Dennis et al. } Fig, 
4, col. 4 lines 38-47). 

It would have been obvious to one of ordinary skill in the art at the time of applicant's 
invention to examining the response for an error message, translating the error 
message, and including the error message in the response transmitted to the 
external client as taught by Dennis et al. One of ordinary skill in the art would have 
been motivated to perform such a modification in order to inform the user about the 
error (Dennis et al. col. 4 line 45). 

Not including identification information for the interior device in the modified 
response would be implicit. 

22. Claim 8 remains rejected under 35 U.S.C. 103(a) as being unpatentable over Birrell 
et al. (U.S. Patent No. 5805803) in view of Berstis et al. (U.S. Patent No. 6092100). 
Birrell et al. teach a communication the response transmitted to the external device 
as discussed above. 

Birrell et al. do not explicitly teach examining the response for an error message, 
translating the error message, and operating the tunnel mechanism to take 
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corrective actions to remove the error message from the response from the 
computer device. 

23. Berstis etal. teach examining the response for an error message, translating the 
error message, and taking corrective actions to remove the error message from the 
response from the computer device (Berstis et al. col. 2 lines 43-47). 

It would have been obvious to one of ordinary skill in the art at the time of applicant's 
invention to implement examining the response for an error message, translating the 
error message, and taking corrective actions to remove the error message from the 
response from the computer device as taught by Berstis et al. One of ordinary skill in 
the art would have been motivated to perform such a modification in order to 
intelligently resolve an incorrect URL requests (Berstis etal. col. 1 lines 64-66). 

24. Claim 9 remains rejected under 35 U.S.C. 103(a) as being unpatentable over Birrell 
et al. (U.S. Patent No. 5805803) and in view of Flyntz et al. (U.S. Patent No. 
6351817). 

25. Birrell et al. teach verifying authentication as discussed above. 

Birrell et al. do not explicitly teach the verifying including determining a level of the 
authorized access and, the routing including limiting the access request to the 
computer device to the determined level of the authorized access. 

26. Flyntz et al. teach verifying including determining a level of the authorized access 
(Flyntz et al. col. 1 lines 31-36). 

It would have been obvious to one of ordinary skill in the art at the time of applicant's 
invention to include determining a level of the authorized access when verifying as 
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taught by Flyntz et al. One of ordinary skill in the art would have been motivated to 
perform such a modification in order to make it impossible for an authorized user at 
one security level to access data at a security level for which he is not authorized 
(Flyntz et al. col. 1 lines 36-38), 

27. Flyntz et al. provides a clear suggestion that requests will be routed according to the 
level of requester's security, therefore, It would have been obvious to one of ordinary 
skill in the art at the time of applicant's invention to include in routing the limiting the 
access request to the computer device to the determined level of the authorized 
access. One of ordinary skill in the art would have been motivated to perform such a 
modification in order to enforce the verification. 

28. Claims 1-3, 5, 16 and 18 remain rejected under 35 U.S.C. 103(a) as being 
unpatentable over Bal et al. (U.S. Patent No. 6457061) and in further view of Stein 
(Lincoln D. Stein, "Web Security, "A step-by-step reference Guide, ISBN 0-201- 
63489-9, 1998) and in further view of Flyntz et al. (U.S. Patent No. 6351817). 

29. Bal et al. teach a tunnel mechanism (network address translation) that changes 
external addresses to internal addresses and internal to external addresses (pg. 3 
line 54-58 and col. 4 lines 25-50). Bal et al. also teach a method for providing an 
external client (Fig. 2, Internet 100 node) with selective access to a computer device 
(Fig. 2, LAN 140 node) protected behind a host (Fig. 2, object 230). Tunnel 
mechanism is in communication with the host and the computer device. The tunnel 
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mechanism receives an access request to the computer device from the external 
client as lines 9-13 col. 4 show that all the communication passes through the tunnel 
mechanism and as Fig. 2 shows the tunnel mechanism implemented on the host. 
Thus each request from an external client directed to a computer device is received 
by the tunnel mechanism before reaching the destination. 
30. Sa/ et al. do not teach the tunnel mechanism being communicatively linked to the 
firewall (pg. 387). 

Stein teaches firewalls. It would have been obvious to one of ordinary skill in the art 
at the time of applicant's invention to implement a firewall system into Bal et al.'s 
invention as taught by Stein, which would read on the tunnel mechanism being 
communicatively linked to the firewall. One of ordinary skill in the art would have 
been motivated to perform such a modification in order to prevent network attacks 
(Stein pg. 387). 

31 .Sa/ et al. do not teach verifying whether the external client currently has authorized 
access to the host. 

32. Stein teaches verifying whether an external client currently has authorized access to 
the host (Stein, Access Control Based on User Name and Password, pg. 255-261). 

33. It would have been obvious to one of ordinary skill in the art at the time of applicant's 
invention include verification whether an external client currently has authorized 
access to the host as taught by Stein for motivation of benefit of increased security. 

34. Claims 7, 19-21 are rejected under 35 U.S.C. 103(a) as being unpatentable over Bal 
et al. (U.S. Patent No. 6457061) in view of Stein (Lincoln D. Stein, "Web Security, "A 
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step-by-step reference Guide, ISBN 0-201-63489-9, 1998) and Flyntz et aL and in 
further view of Dennis et aL (U.S. Patent No. 5913922). 

35. Sa/ et al. in view of Stein and in further view of Flyntz et ai teach a method as 
discussed above. 

Bal et al. in view of Stein and in further view of Flyntz et al. do not explicitly teach 
examining the response for an error message, translating the error message, and 
including the error message in the response transmitted to the external client. 

36. Dennis et al. teach examining the response for an error message, translating the 
error message, and including the error message in the response (Dennis et al. } Fig. 
4, col. 4 lines 38-47). 

It would have been obvious to one of ordinary skill in the art at the time of applicant's 
invention to examining the response for an error message, translating the error 
message, and including the error message in the response transmitted to the 
external client as taught by Dennis et al. One of ordinary skill in the art would have 
been motivated to perform such a modification in order to inform the user about the 
error (Dennis et al. col. 4 line 45). 

Not including identification information for the interior device in the modified 
response would be implicit. 

Conclusion 

Applicant's amendment necessitated the new ground(s) of rejection presented in 
this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP 
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§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 
CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Peter Poltorak whose telephone number is (571)272- 
3840. The examiner can normally be reached Monday through Thursday from 9:00 
a.m. to 4:00 p.m. and alternate Fridays from 9:00 a.m. to 3:30 p.m 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gregory Morse can be reached on (571) 272-3838. The fax phone number 
for the organization where this application or proceeding is assigned is (571) 273-8300. 
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Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 
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